fe51c8c1bc
Adds a self-contained minikube environment for local development and
testing alongside the existing production env.
env: minikube
- cluster.domain: minikube (browser DNS routes *.minikube → minikube ip)
- tls issuer: mkcert (CA-signed via cert-manager mkcert ClusterIssuer)
- storageClass: standard (minikube hostpath provisioner)
- backups disabled; storagebox disabled
- excludes argocd, forgejo, hcloud-csi (manual kubectl apply for testing)
prototypes/garage:
- hand-rolled S3-compatible object store (single Deployment + PVC)
- mittwald-generated rpc_secret + admin_token (hex)
- PostSync init Job: assigns cluster layout, ensures bucket and access
key, writes ocis-s3-credentials cross-namespace into ocis ns
- idempotent: skips if k8s secret already populated; otherwise rotates
the garage key (admin API only returns secretAccessKey on create)
- cross-ns RBAC re-pinned via zz-cross-ns-rbac-fix overlay (ns.ytt.yaml
clobbers explicit namespace fields)
ocis:
- new admin-user-id init Job ensures secret.user-id is a valid UUID v4
(mittwald can't generate UUIDs; ocis-settings rejects non-UUID ids)
- mittwald no longer manages user-id; existing prod UUIDs preserved
- insecure flag (oidcIdpInsecure / ocisHttpApiInsecure / ocmInsecure)
parameterized; defaults to false; minikube sets true for self-signed
OIDC issuer URL trust
other prototypes:
- victoria-metrics-single helm values ytt-ified (storageClassName)
- grafana admin secret now generated by mittwald (was hand-created in
prod; manifest is no-op there since mittwald only fills empty fields)
flake.nix: minikube + docker + postgresql added to dev shell.
89 lines
3.9 KiB
YAML
89 lines
3.9 KiB
YAML
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git
|
|
controller-gen.kubebuilder.io/version: v0.19.0
|
|
name: middlewaretcps.traefik.io
|
|
namespace: traefik
|
|
spec:
|
|
group: traefik.io
|
|
names:
|
|
kind: MiddlewareTCP
|
|
listKind: MiddlewareTCPList
|
|
plural: middlewaretcps
|
|
singular: middlewaretcp
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: |-
|
|
MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
|
|
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/overview/
|
|
properties:
|
|
apiVersion:
|
|
description: |-
|
|
APIVersion defines the versioned schema of this representation of an object.
|
|
Servers should convert recognized schemas to the latest internal value, and
|
|
may reject unrecognized values.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
|
type: string
|
|
kind:
|
|
description: |-
|
|
Kind is a string value representing the REST resource this object represents.
|
|
Servers may infer this from the endpoint the client submits requests to.
|
|
Cannot be updated.
|
|
In CamelCase.
|
|
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
|
|
properties:
|
|
inFlightConn:
|
|
description: InFlightConn defines the InFlightConn middleware configuration.
|
|
properties:
|
|
amount:
|
|
description: |-
|
|
Amount defines the maximum amount of allowed simultaneous connections.
|
|
The middleware closes the connection if there are already amount connections opened.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
type: object
|
|
ipAllowList:
|
|
description: |-
|
|
IPAllowList defines the IPAllowList middleware configuration.
|
|
This middleware accepts/refuses connections based on the client IP.
|
|
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/ipallowlist/
|
|
properties:
|
|
sourceRange:
|
|
description: SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
ipWhiteList:
|
|
description: |-
|
|
IPWhiteList defines the IPWhiteList middleware configuration.
|
|
This middleware accepts/refuses connections based on the client IP.
|
|
More info: https://doc.traefik.io/traefik/v3.6/reference/routing-configuration/tcp/middlewares/ipwhitelist/
|
|
|
|
Deprecated: please use IPAllowList instead.
|
|
properties:
|
|
sourceRange:
|
|
description: SourceRange defines the allowed IPs (or ranges of allowed IPs by using CIDR notation).
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
required:
|
|
- metadata
|
|
- spec
|
|
type: object
|
|
served: true
|
|
storage: true
|